It doesn’t happen every time … not sure (yet) which version introduced this but started to seeing these error recently. Currently on v3.16.0

Anyone happen to know what the equivalent service is in Pulumi google native for Terraform's

google_service_networking_connection

?

hey all, has any one got cert-manager working in a GKE? been trying to use @pulumi/kubernetes-cert-manager but haven't been able to figure it out

Hello folks, we are moving from a functioning project using the GCP Classic provider to the Google-Native provider. We are struggling to get impersonation working. We are using Go and the same style of configuration as for the classic provider:

gcp:impersonateServiceAccount: <mailto:res-admin@REDACTED-PROJECT.iam.gserviceaccount.com|res-admin@REDACTED-PROJECT.iam.gserviceaccount.com>
  google-native:impersonateServiceAccount: <mailto:res-admin@REDACTED-PROJECT.iam.gserviceaccount.com|res-admin@REDACTED-PROJECT.iam.gserviceaccount.com>

but it is unable to retrieve the access token:

error: Native: rpc error: code = Unknown desc = invocation of google-native:cloudresourcemanager/v3:getFolder returned an error: error sending request: impersonate: unable to generate access token: Post "https:// <http://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/res-admin@REDACTED-PROJECT.iam.gserviceaccount.com:generateAccessToken|iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/res-admin@REDACTED-PROJECT.iam.gserviceaccount.com:generateAccessToken>": context canceled

# debug log shows it's a reset but this is not a networking issue because it is repeatable (and works via gcloud)
... eventsink.go:86] eventSink::Error(<{%reset%}>

However, this works with the Classic provider and also using gcloud:

❯ gcloud resource-manager folders describe 163783803528 --impersonate-service-account=res-admin@REDACTED-PROJECT.iam.gserviceaccount.com

WARNING: This command is using service account impersonation. All API calls will be executed as [res-admin@REDACTED-PROJECT.iam.gserviceaccount.com].
WARNING: This command is using service account impersonation. All API calls will be executed as [res-admin@REDACTED-PROJECT.iam.gserviceaccount.com].
createTime: '2021-06-16T13:59:02.491Z'
...

Minimal Go code attached. Any ideas as to what's going wrong?

Hi all 👋 I've made a small component module for Python to cap GCP billing costs via Billing Alerts, Pub/Sub & Cloud Functions, maybe this will be useful to some (I couldn't find any existing pulumified guides around this). GitHub: https://github.com/saiko-tech/gcp-billing-cap Ideas & suggestions are very welcome, it's a pretty crude implementation and I'm not super familiar with Pulumi best-practices 😅 PS: I would have liked to publish it as a proper Pulumi package so it's usable from all languages, but I gave up rather quickly as the process seems quite complicated and publishing to the pulumi registry isn't publicly accessible yet.

Hope this is useful to someone 🙂

var computeService = new Service(
            "compute",
            options: new() {
                Parent = this,
            },
            args: new ServiceArgs
            {
                ServiceName = "<http://compute.googleapis.com|compute.googleapis.com>",
            }
        );

        var defaultNetwork = Output.Create(GetNetwork.InvokeAsync(new()
        {
            Network = "default",
        }));

Is there any way for me to have the call to

GetNetwork

depend on

computeService

? Right now GCP is giving me an error because I'm trying to call

GetNetwork

prior to the API for it being enabled...

@prehistoric-activity-61023 just continuing off the last thread - I am, too, having issues with first activating/enabling services using the python automation SDK

essentially GCP complains that the "X service isn't started as yet" especially when spinning up a new stack

Hi! When deploying a docker container on a compute engine instance via Pulumi, how would you persist state? If I update the docker container version via Pulumi, this would create a new compute engine instance I believe? Thanks a lot!

trying to clone a db with pulumi

what does this look like?

id This property is required. - The unique provider ID of the resource to lookup.

anyone?

I am running this basically…

export const geodudeTestInstance = gcp.sql.DatabaseInstance.get(<NAME>, <ID>, ...);

and getting this error

error: Preview failed: resource '<ID>' does not exist

Hi! I think the docs should reference ClusterNodeConfigWorkloadMetadataConfigArgs instead of ClusterNodeConfigWorkloadMetadataConfig at https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/#workloadmetadataconfig_go. Does that make sense? I'm not sure how the docs are generated, but I'd be happy to try and fix this.

Out of curiosity, has anyone set up shared VPC using the Google Native provider? I know I can probably get it done quickly with the classic provider via

compute/SharedVpc{Host,Service}Project

, but I’m trying to get as far as I can with the native provider since the docs recommend using it for new projects. If the answer is that it doesn’t really exist yet that’s fine, I’m just trying to confirm that I’m not simply missing it in the API docs anywhere.

I am new to GCP, and I am seeing this weird thing. I have set up a local service account and set it up on my machine with

gcloud auth activate-service-account…

I looked at my config, and auth stuffs, but pulumi is still trying to run under an old and different GCP service account it seems:

* googleapi: Error 403: [account name]@appspot.gserviceaccount.com does not have storage.buckets.create access to the Google Cloud project., forbidden

In the GCP Native Provider, how do we create a

RouterNat

type? I've tried

compute.Router.RouterNat

to no avail..https://www.pulumi.com/registry/packages/google-native/api-docs/compute/v1/router/#routernat

Hi, anyone know how to activate a service API for an existing Project? ie

gcloud services enable my-consumed-service

but with the google-native provider?

Hi, I thought the new GCP Native provider would be "always up-to-date"? However, there's an API for Data Pipelines that was released some time ago, but it doesn't seem to be picked up by the provider. https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/ Have I missed it or is perhaps not "always up-to-date"?

Hello everybody, My team and I are migrating our infrastructure from terraform. I wish to retrieve the state of our k8s cluster using the

import

arg from the

CustomResourceOptions

interface (we're using ts). In order to do so, I need to retrieve the cluster ID, which I got already, but for some reason the

google-native

complains that the resource doesn't exist. The classic api works like a charm using the

$PROJECT_ID/$LOCATION/$CLUSTER_NAME

naming convention for IDs. My tech-lead, though, suggests that we should use the

google-native

api instead. So my question is: do you guys know what the API expects to receive to identify the resource by its ID? So far I tried the following possibilities: • v1/projects/$PROJECT_ID/locations/$LOCATION/clusters/$CLUSTER_NAME • projects/$PROJECT_ID/locations/$LOCATION/clusters/$CLUSTER_NAME • $PROJECT_ID/$LOCATION/$CLUSTER_NAME Thank you so much for your time. I wish y'all a nice day.

Hi! I’m trying to create a GKE Autopilot cluster using the google-native library, however I’m running into some trouble trying to define the node config for it and the documentation isn’t very clear to me. In GCP (Classic), it would be something like:

const cluster = new gcp.container.Cluster("mygke", {
...
...
  enableAutopilot: true,
  initialNodeCount: 1,
  nodeConfig: {
    machineType: "n2d-standard-2",
    oauthScopes: [
      ...
    ],
  },
...
...
});

But I can’t define a

nodeConfig

in the new google-native library and the

nodePools

in not very clear to me because and still mentions

nodeConfig

and

initialNodeCount

which are no longer input properties anymore: https://www.pulumi.com/registry/packages/google-native/api-docs/container/v1/cluster/#nodepools_nodejs Does anyone here have any experience with GKE Autopilot and new google-native library? EDIT: as it stands, I can create a Autopilot cluster with no nodes

When I'm using the google cloud storage driver to manage my state, Pulumi is giving me the following error on my CI machine:

You do not appear to have access to project

I'm using a service account (have been able to access other buckets with it) on my CI machine, so I know it definitely has permission to work with resources inside of the project. For some reason though, Pulumi thinks it doesn't... Any possible causes for this error? Is there a list of permissions the Pulumi GCP driver expects to have?

I’ve looked around the new google-native library (v0.9.0 was released today!) but I don’t see an equivalent of the servicenetworking api (https://www.pulumi.com/registry/packages/gcp/api-docs/servicenetworking/connection/). Is that correct or am I just not seeing it? 😑

Hi, I've been struggling to successfully identify some our IAMBinding IDs. As a result of this, I'm getting the following error:

error: Preview failed: importing <bucket-resource-name>/roles/storage.objectCreator: Wrong number of parts to Binding id [<bucket-resource-name>/roles/storage.objectCreator]; expected 'resource_name role [condition_title]'.

I tried so far with

<bucket_name>

,

b/<bucket_name>

,

<project-id>/<bucket-name>

, and

<project-id>/b/<bucket-name>

but I got the same error regardless. Any ideas?

Hi all, I'm struggling trying to get started with pulumi. I've started off by trying to import some of my existing infra (google-native) but it's failing for me. I tried to go take a look at the docs here https://www.pulumi.com/registry/packages/google-native/api-docs/https://www.pulumi.com/registry/packages/google-native/api-docs/ but when I click on Bucket I get a 404.

I was already able to set up a new bucket in my project using the template. Trying to do

pulumi import google-native:storage/v1:Bucket  <bucket name> <bucket name>

causes it to fail with

Preview failed: resource '<bucket name>' does not exist